Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Malware Strikes With Valid Digital Certificate

Thor Olavsrud | Feb. 5, 2013
One of the foundational elements of ecommerce is the web of trust enabled by digital certificates. When you go to a web site, you can feel confident that it's legitimate because it has a certificate from a recognized certificate authority that validates it. But the certificates themselves can be vulnerable. Case in point: Security firm Malwarebytes recently discovered some malware in the wild with a valid, signed digital certificate.

Digital Certificates Used for Spear Phishing Attacks

"Digital certificate theft can be used in targeted attacks as [for] spear phishing, for example," Segura says. "As we know, one of the weakest links in the security chain is the end-user (and this is especially true in the enterprise world). An attacker can easily find out or guess what antivirus a company is running and craft a piece of malware that will not be detected by it. Because such attacks are very narrow, the sample will not be disseminated around the world, making its discovery less likely."

Segura recommends that end-users still check for valid digital certificates before opening an attachment received via email (even if they know the sender). But he also recommends following two basic but "powerful" rules:

  • Check the file extension and beware the multiple file extension trick (i.e., document.pdf.xls.exe)
  • Never trust file icons; just because it looks like a Word document or PDF, that doesn't mean it is.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.